So the requirement here is, we do not want to run MariaDB as the mysql user and group which is the default. We will see how we can configure MariaDB to run as a custom user and group other than mysql.

 

Note:

Many steps are required to permanently change the user and/or group under which MariaDB runs, in a way that survives updates of the mariadb-server package. Handle with care and make a backup first. 

 

1. Stop MariaDB if it is running.

# systemctl stop mariadb

 

2. Add the desired user and/or group with which you want to run the MariaDB.

# groupadd -r customGroup
# useradd -r -g customGroup customUser

 

3. Inspect the mariadb-server package to see what /var/… directories it provides.

# rpm -qlv mariadb-server | grep ^d.*/var
drwxr-xr-x    2 mysql   mysql                       0 Aug  4  2017 /var/lib/mysql
drwxr-x---    2 mysql   mysql                       0 Aug  4  2017 /var/log/mariadb
drwxr-xr-x    2 mysql   mysql                       0 Aug  4  2017 /var/run/mariadb

 

4. Create a systemd-tmpfiles config file in /etc/tmpfiles.d/*.conf to manage auto-creation of the custom /var/run directory.

# echo "d /var/run/my-mariadb 0755 customUser customGroup -" >/etc/tmpfiles.d/my-mariadb.conf
# systemd-tmpfiles --create

 

5. Decide on new locations for the other directories and create them with proper permissions.

# mkdir /var/lib,log}/my-mariadb
# chmod 750 /var/log/my-mariadb

 

6. Migrate any content from the old /var/lib/mysql and /var/log/mariadb directories.

# mv /var/lib/mysql/* /var/lib/my-mariadb
# mv /var/log/mariadb/* /var/log/my-mariadb

 

7. Set proper user/group ownership recursively on the new /var/lib/… and /var/log/… directories

# chown -R customUser:customGroup /var/{lib,log}/my-mariadb

 

8. Set proper SELinux contexts on the new directories (using equivalency rules where possible). This step is optional if you have SELinux disabled.

# semanage fcontext -a -e /var/lib/mysql /var/lib/my-mariadb
# semanage fcontext -a -e /var/log/mariadb /var/log/my-mariadb
# semanage fcontext -a -t mysqld_var_run_t '/var/run/my-mariadb(/.*)?'

 

9. Do the one-time restorecon on the new directories

# restorecon -RF /var/{lib,log,run}/my-mariadb

 

10. Modify the /etc/my.cnf file to point to the new directories. The following shows a default my.cnf as shipped in the mariadb-server rpm.

# cat /etc/my.cnf | grep var
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

 

After modifying the /etc/my.cnf file, it should look like as shown below.

# cat /etc/my.cnf | grep var
datadir=/var/lib/my-mariadb
socket=/var/lib/my-mariadb/mysql.sock
log-error=/var/log/my-mariadb/mariadb.log
pid-file=/var/run/my-mariadb/mariadb.pid

 

11. Create a symlink from the original socket-file location to the new one. Without this, local non-network access (e.g., with the mysql command) would require specifying the new custom socket path (e.g., mysql -S /var/lib/my-mariadb/mysql.sock)

# ln -sv /var/lib/my-mariadb/mysql.sock /var/lib/mysql/mysql.sock
‘/var/lib/mysql/mysql.sock’ -> ‘/var/lib/my-mariadb/mysql.sock’

 

12. Modify the systemd service file to execute as custom user/group

# mkdir -p /etc/systemd/system/mariadb.service.d
# echo -e "[Service]\nUser=customUser\nGroup=customGroup" > $_/usergroup.conf

 

13. Reload systemd and start up MariaDB.

# systemctl daemon-reload
# systemctl start mariadb

 

Was dit antwoord nuttig? 0 gebruikers vonden dit artikel nuttig (0 Stemmen)